DETAILED ACTION

1. This action is responsive to RCE filed on July 16, 2009.

2. Claims 1, 2, 4-5, 7-28, 34, 35, 37-42, 44-50 are pending.



Claim Rejections - 35 USC §112 



3. The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claims 1, 19, and 34 recite the limitation "... server, that is separate and
distinct.." in these claims. There is insufficient antecedent basis for this limitation in the
claim. For examination purposes it is read as "..server, wherein the server is separate
and distinct..".



Claim Rejections - 35 USC § 103

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made.

6. Claims 1, 2, 4-28, 34, 35, 37-42, and 44-50 are rejected under 35 U.S.C. 103(a) as
being unpatentable over US Patent Pub. 2002/0083342 by Webb et al (hereinafter
Webb) in view of US Pat. No. 6,681,327 to Jardin (hereinafter Jardin).
7. As per claims 1, 34 and 39 Webb teaches a method, system and computer-executable
program code for accessing resources on a private network via an
intermediary server said method comprising (abstract): 

receiving a login request from a user for access to the intermediary server 
(abstract; the gateway receives a login request), the intermediary server storing an 
authentication identifier for each of a plurality of users, the authentication identifier 
identifying an authentication server; 

accessing, based on the authentication identifier an authentication server, that is 
separate and distinct from the intermediary server, to authenticate the user in response 
to the login request (see abstract; the gateway authenticates the client), 

receiving a resource request from the authenticated user at the intermediary 
server (see abstract; the gateway receives a request from the client to access a Web 
server of a device on the network), the resource request requesting a particular 
operation with respect to a resource from the private network (see abstract; the gateway 
receives a request from the client to access a Web server of a device on the private
network); 

obtaining access privileges for the authenticated user in response to the resource 
request (abstract; the client gets information about its access rights from the gateway); 

determining whether the access privileges for the authenticated user permit the 
authenticated user to perform the particular operation at the private network (devices 
which the user has access to are identified), and 
preventing, by the intermediary server, performance of the particular operation at
the private network if the access privileges for the authenticated user do not permit the 
authenticated user to perform the particular operation at the private network (user is 
prevented from accessing Web servers for which the user does not have access rights 
by gateway). 

Although the system disclosed by Webb shows substantial features of the 
claimed invention, it fails to teach the authentication server being separate and distinct 
from the intermediary server. However, Jardin teaches authentication server being 
separate and distinct from the intermediary server (summary and col. 4, line 35 - 38 and
Fig. 2, col. 6, line 4-8). Thus having the teachings of Webb and Jardin, it would have 
been obvious to a person having ordinary skill in the art at the time of invention to 
combine the teachings of Webb and Jardin in order to enhance the security and 
reliability of connections of the system disclosed by Webb. 

8. As per claims 19 and 44, Webb teaches a method for providing remote access to 
a private network via an intermediary server, said method comprising (abstract): 

receiving a login request from a remote user for access to the intermediary 
server (abstract and summary; the gateway receives a login request); 

determining whether the remote user is permitted access to the intermediary 
server based on the login request (see abstract and summary; the gateway 
authenticates the client); 
granting the remote user access to the intermediary server if remote user is
permitted access to the intermediary server, the granted access carrying access 
privileges to a portion of the private network (see summary; devices which the user has 
access to are identified); 

receiving a resource request from the remote user at the intermediary server if 
the remote user is granted access to the intermediary server, the resource request 
requesting a particular resource on the private network (see abstract and summary; the 
gateway receives a request from the client to access a Web server of a device on the 
network); 

accessing an external authentication server to determine whether the resource 
request from the remote user is permitted by the access privileges (see summary; 
devices which the user has access to are identified) 

supplying the particular resource to the remote user through the intermediary 
server if the resource request from the remote user is permitted by the access privileges 
(see abstract and summary; Web servers are accessed by the user if permitted by the
gateway based on access rights); and 

denying the remote user from access to the particular resource by the 
intermediary server if the resource request from the remote user is not permitted by the 
access privileges (user is prevented from accessing Web servers for which the user 
does not have access rights by gateway). 
As per claims 2 and 35, Webb teaches the method of claim 1, where the
particular operation is one of a file access operation or an email operation (see
abstract).

As per claim 4, Webb teaches the method of claim 1, where the external
authentication server is within the private network (Fig. 4, and par. 0047).

As per claims 5 and 37 Webb teaches the method of claim 1, 34 and 51 where
the intermediary server stores the access privileges for a plurality of users (abstract and
summary).

As per claim 7, Webb teaches the method of claim 6, where the external
authentication server is within the private network (Fig 1-5).

As per claim 8, Webb teaches the method of claim 7, where the authentication
identifier comprises a network address for the external authentication server (Fig 1-5
and summary).

As per claim 9, Webb teaches the method of claim 1, where the resource request
is from a client-side application running on a client machine (summary and Fig. 1-5).
As per claim 10, Webb teaches the method of claim 9, where the client side
application is one of a web browser, an email application or a file access application
(par. 0019-0024).

As per claim 11, Webb teaches the method of claim 1, where the user is a
remote user (Fig. 1).

As per claims 12 and 38, Webb teaches the method of claim 1, where the
resource request is from a client-side application running on a remote client machine
(Fig. 1-5).

As per claim 13, Webb teaches the method of claim 1, where the private network
is an intranet or other network (Fig 1 and summary).

As per claim 14, Webb teaches the method of claim 1, where the resource
request is from a network browser (Fig. 1).

As per claim 15 Webb teaches the method of claim 1, where said method further 
comprises: performing the particular operation at the private network to determine a 
response to the resource request if the access privileges for the authenticated user 
permit the authenticated user to perform the particular operation at the private network 
(abstract and summary). 
As per claims 16 and 40, Webb teaches the method of claim 1 and 34, where
the authenticated user has an Internet Protocol (IP) address, and wherein said 
determining if the access privileges for the authenticated user permit the authenticated 
user to perform the particular operation comprises: 

determining whether the access privileges for the authenticated user permit the 
authenticated user to perform the particular operation at the private network (abstract 
and summary); and 

determining whether the IP address is authorized (Fig. 1-5)

As per claims 18 and 42, Webb teaches the method of claim 17 and 40, where 
the access privileges comprise permitted operations, authorized IP addresses, and 
time-of-day restrictions for the authenticated user (summary).

As per claims 20 and 45, Webb teaches the method of claim 19, where said 
supplying the particular resource comprises: 

retrieving the particular resource from a content server (Fig 1); 

modifying at least one URL within the retrieved particular resource (column 11,
lines 55-67); and 

sending the modified particular resource to the remote user (see summary) 
As per claims 21, 23, 46 and 48 Webb teaches the method of claim 19, where
said supplying the particular resource comprises: 

obtaining a response for the particular resource (abstract); 

modifying the response so that links within the response point to the intermediary 
server (summary); and 

sending the modified response to the remote user (summary). 

As per claims 22 and 47, Webb teaches the method of claim 19, where said 
supplying the particular resource comprises: 

determining a host name for a remote server hosting the particular resource 
being requested (summary); 

sending a request for the particular resource to the remote server based on the 
determined host name (Fig. 1-5); and 

receiving, at the intermediary server, a response to the request from the remote 
server (abstract). 

As per claim 24 and 28, Webb teaches the method of claim 19, where the private 
network is an intranet (par. 0022). 

As per claims 25, Webb teaches the method of claim 19, where the resource 
request is from a network browser (par.0028). 
As per claims 26 and 49, Webb teaches the method of claim 19, where the
resource request is from a client-side application operating on a remote client machine 
(Fig. 1-5). 

As per claims 27 and 50, Webb teaches the method of claim 26 and 44, where 
the client-side application is selected from the group consisting of: a web browser, an 
email application or a file access application (par. 0028 - 0036). 

As per claim 37, Webb teaches a computer readable memory device of claim 34 where the 
intermediary server stores the access privileges for a plurality of users (summary), and 

where the intermediary server stores an authentication identifier for each of a 
plurality of users, the authentication identifier identifies the external authentication 
server to be used to perform authentication (Fig. 1-5 and summary).

As per claims 17 and 41, Webb teaches the method of claim 6 and 40. Webb
teaches wherein said determining if the access privileges for the authenticated user 
permit the authenticated user to perform the particular operation further comprises: 
determining whether time-of-day restrictions are satisfied (summary and body) 

It is noted that any citation to specific pages, columns, lines, or figures in the
prior art references and any interpretation of the references should not be
considered to be limiting in any way. A reference is relevant for all it contains and
may be relied upon for all that it would have reasonably suggested to one having
ordinary skill in the art. In re Heck, 699 F.2d 1331, 1332-33, 216 USPQ 1038, 1039
(Fed. Cir. 1983) (quoting In re Lemelson, 397 F.2d 1006, 1009, 158 USPQ 275, 277
(CCPA 1968))
Response to Arguments

9. Applicant's arguments with respect to the above claims have been considered 
but are moot in view of the new ground(s) of rejection. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SAHERA HALIM whose telephone number is (571) 272-4003.
The examiner can normally be reached on M-F from 8:30-5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne can be reached on (571) 272-4001. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Sahera Halim 
Patent Examiner 